'Bomb threat' scammers linked to earlier sextortion campaign

Scare tactic efforts may be the work of a single group

Yesterday's 'bomb scare' spam campaign may have been a follow-up to another infamous email extortion effort.

Researchers with Cisco's Talos say that the rash of emails floated yesterday, demanding that recipients pay a Bitcoin ransom or face the possibility of a bomb attack on their offices, is simply an evolution of the scare-tactic extortion scam that surfaced in October of this year.

In that scam, the sender copied passwords from a for-sale list of stolen credentials, then sent them to a target, claiming to have installed malware on the target's computer. The victim was told to send money or have compromising videos leaked. Of course, those videos did not exist and there was no malware.

This week, the scammers pivoted to a new type of threat, spaffing out emails that claimed the recipient's building would blow up unless they sent $20,000 in Bitcoin.

The composition of the emails, as well as the demand for Bitcoin payoffs, was remarkably similar, and Talos researcher Jaeson Schultz thinks he knows why.

"Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign," Schultz explained.

Fortunately, Schultz says, the latest technique is not paying off for the hapless extortionists.

"Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed," he said.

"However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers."

With that sort of success rate, it is no surprise that, as of yesterday, the crew decided to try another threat to scare people out of their cryptocoins. This time, it is with the threat of an acid attack.

It should go without saying: Don't pay any ransom demanded by an unsolicited email, and report all threats to an admin and/or the police. ®